Bizagi Studio security

<< Click to Display Table of Contents >>

Navigation:  Bizagi Studio > Bizagi Studio installation > Teamwork setup >

Bizagi Studio security

Overview

Bizagi offers a collaborative environment where you and co-workers can work simultaneously on the same project.

If you have several processes in your project you might need to restrict accesses to some resources to prevent the users modifying one process, that will affect other processes in turn.

 

 

BS Security1

 

 

By default all Bizagi projects are created with NO SECURITY, that is, no access rights are configured. Enable Bizagi Studio Security to ensure the suitable people have access to the correct resources.

 

Resources for which Security can be managed are:

 

Applications

Processes

Entities

Global Business Rules

 

As soon as a resource has any type of Security (either to deny or to allow), Bizagi will assume that the resource is restricted and only users with Create, Modify or Full Control access will be able to modify it. All others access will be restricted.

 

Resources with Security

Security can be managed for certain elements, or resources in Bizagi Studio. Security can be assigned to a specific users or to an entire user group.

The specific Security action vary depending on the type of Resource. There are three types of actions:

 

Create: Allow to create a Resource.

Modify: Allow editing a Resource but not creating a new one.

Full Control: Allow to execute every possible action over a Resource (Create, Modify, Delete) and assign Security to it.

 

Access rights are inherited. If the Resource with a higher hierarchy has certain permissions, the child Resource will acquire the given permission as well. That is, unless the child Resource has specific permissions of its own.

 

The following list describes the Resources and the actions relating to each of them.

 

Applications and processes security

 

Resource

Create

Modify

Full Control

Applications main node

Create new applications

N/A

N/A

Applications

Create new Processes and Sub-processes

Is visible and modifiable

Create, modify and manage Security

Processes

N/A

Is visible and modifiable

Create, modify and manage Security

Process versions

N/A

Is visible and modifiable

Create, modify and manage Security

 

Access rights are inherited. If you have Modify permissions over an Application, then you will also have permissions over all the Process related to that Application and all its elements: Forms, business rules, expressions, etc. Everything contained in the hierarchical tree.

 

The creation of new Processes will inherit the Security configuration given to their related Application.

 

BS Security12

 

Entities security

 

Resource

Create

Modify

Full Control

Entities main node

Create new entities

N/A

N/A

Application entities

N/A

Is visible and modifiable

Create, modify and manage Security

Master entities

N/A

Is visible and modifiable

Create, modify and manage Security

Parameter entities

N/A

Is visible and modifiable

Create, modify and manage Security

 

Most projects have entities that are crucial for the proper functioning of a Process, and any uncontrolled changes can affect its development. You can restrict access permissions to those entities to limit modifications.

 

Access rights are inherited. If you have Modify permissions over an entity then you will also have permissions over all its related elements: Attributes, forms, values, queries, expressions. All descendants in the hierarchical data of the given entity.

 

When you have been Denied the Modify permissions over an entity, you will not be able to modify any of its elements. Note the Entity's elements will be available for use (in Forms, expressions) but NOT for modification.

 

Global Business Rules security

 

Resource

Create

Modify

Full Control

Applications

N/A

Is visible and modifiable

Create, modify and manage Security

Global Functions

N/A

Is visible and modifiable

Create, modify and manage Security

Global Expressions

N/A

Is visible and modifiable

Create, modify and manage Security

 

When you have been Denied the Modify permissions over an expression or a function, you will not be able to modify it. The expression or function will be available for use but can NOT be modified.

 

 

Administrators and non-Administrators

Only Administrators have the right to add additional users and groups in the Bizagi Studio Security option.

Administrators will be able to grant rights for all elements that handle security (i.e., Authentication, Authorization and LDAP) in Bizagi Studio.

Administrators will always have access rights over all elements that handle security in Bizagi Studio.

Users that are NOT Administrators will not be able to grant rights for elements that handle security in Bizagi Studio, unless they have Full Control permissions over a certain resource.

Users that are NOT Administrators will be able to create or modify elements that handle security in Bizagi Studio, according to the rights given by Administrators.

 

Additional considerations

When you configure Bizagi Studio Security, users and user groups lists will be populated automatically with the users that are already part of the project's Bizagi Administrator Group. This group is configured through the server's Management in Windows operating systems.

When you add users to any element in Bizagi Studio Security they will be included automatically  in the Bizagi Administrators Group.

If you delete any user from Bizagi Studio Security they will NOT be deleted from the Bizagi Administrators Group.

When a user has been restricted (denied) to modify an element, but is able to access it (like Forms, or business rules), if attempting to edit it he or she will receive a message:

 

BS Security8

 

The same applies to the results of the Search option. These will return all the elements that match a condition, But if a user does not have permissions over one of search result items than a window will inform the user of this restriction.